Re: [License-discuss] TrueCrypt license (not OSI-approved; seeking history, context).
Might be a good idea to finally start the list of non-open licenses someone suggested a few months ago ;) Luis On Oct 14, 2013 2:28 PM, Tom Callaway tcall...@redhat.com wrote: On 10/14/2013 09:32 PM, Karl Fogel wrote: Obviously, I'd like to see TrueCrypt be truly open source. The ideal solution is not to have them remove the words open source from their self-description, but rather for their software to be under an OSI-approved open source license I have not looked at the TrueCrypt license (in depth) in quite some time, but when Fedora and Red Hat reviewed it in 2008, not only was it non-free, it was actually dangerous. (from 2008): http://lists.freedesktop.org/archives/distributions/2008-October/000273.html http://lists.freedesktop.org/archives/distributions/2008-October/000276.html They appear to have reworded some concerning parts of that license, however, when we pointed out these concerns to them directly in 2008, their response was to forcefully (and rather rudely) reply that the problems caused by their license wording were not problems, but intentional. That alone gave us serious concern as to the intentions of the upstream, especially given the nature of the software under that license. Notable is that Section VI.3 appears to be the same in the TrueCrypt license as it was in 2008. It is arguably necessary for any Free or Open Source license to waive some intellectual property rights in order to share those rights (which default to being exclusive to the copyright holder) with others. This section was noted to the TrueCrypt upstream (in 2008) as potentially conflicting with the rest of the license, and again, they pointed out that they were aware of the potential conflict and that it was _intentional_. In short, we were forced to conclude the license was worded the way that it was (with clever wording traps) as a sort of sham license. For what it is worth, I'm not sure the OSI should voluntarily spend any time or effort on the TrueCrypt license unless the TrueCrypt copyright holder brings it forward themselves with a willingness to address these issues in a serious and reasonable fashion. The fact that there are other FOSS implementations for TrueCrypt (most notably tc-play (https://github.com/bwalex/tc-play) minimizes the need to resolve these issues with the upstream, which is why Fedora stopped attempting to do so quite some years ago. ~tom == Fedora Project ___ License-discuss mailing list License-discuss@opensource.org http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss ___ License-discuss mailing list License-discuss@opensource.org http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss
Re: [License-discuss] TrueCrypt license (not OSI-approved; seeking history, context).
Tom Callaway tcall...@redhat.com writes: (from 2008): http://lists.freedesktop.org/archives/distributions/2008-October/000273.html http://lists.freedesktop.org/archives/distributions/2008-October/000276.html [...] For what it is worth, I'm not sure the OSI should voluntarily spend any time or effort on the TrueCrypt license unless the TrueCrypt copyright holder brings it forward themselves with a willingness to address these issues in a serious and reasonable fashion. The fact that there are other FOSS implementations for TrueCrypt (most notably tc-play (https://github.com/bwalex/tc-play) minimizes the need to resolve these issues with the upstream, which is why Fedora stopped attempting to do so quite some years ago. Thanks so much for the history, Tom; that thread is hugely educational. The question for OSI, I think, is not just whether or not to spend time on the license, but (if trying to address license issues doesn't work out) do we ask them to stop describing it as open source if they're not willing to license it under an open source license? I'm not saying for sure that it is or isn't open source -- the point of this thread is to gather information -- but the history you've provided makes it clear there are areas of concern beyond even what I noticed when I glanced over the license. -Karl ___ License-discuss mailing list License-discuss@opensource.org http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss
Re: [License-discuss] TrueCrypt license (not OSI-approved; seeking history, context).
On Mon, Oct 14, 2013 at 5:32 PM, Luis Villa l...@lu.is wrote: Might be a good idea to finally start the list of non-open licenses someone suggested a few months ago ;) Oh, that is *such* a good idea. This is the list of licenses that people often mistake for being open source, or whose authors claim are open source, but are actually not or at least have not been evaluated by the OSI, right? -K On Oct 14, 2013 2:28 PM, Tom Callaway tcall...@redhat.com wrote: On 10/14/2013 09:32 PM, Karl Fogel wrote: Obviously, I'd like to see TrueCrypt be truly open source. The ideal solution is not to have them remove the words open source from their self-description, but rather for their software to be under an OSI-approved open source license I have not looked at the TrueCrypt license (in depth) in quite some time, but when Fedora and Red Hat reviewed it in 2008, not only was it non-free, it was actually dangerous. (from 2008): http://lists.freedesktop.org/archives/distributions/2008-October/000273.html http://lists.freedesktop.org/archives/distributions/2008-October/000276.html They appear to have reworded some concerning parts of that license, however, when we pointed out these concerns to them directly in 2008, their response was to forcefully (and rather rudely) reply that the problems caused by their license wording were not problems, but intentional. That alone gave us serious concern as to the intentions of the upstream, especially given the nature of the software under that license. Notable is that Section VI.3 appears to be the same in the TrueCrypt license as it was in 2008. It is arguably necessary for any Free or Open Source license to waive some intellectual property rights in order to share those rights (which default to being exclusive to the copyright holder) with others. This section was noted to the TrueCrypt upstream (in 2008) as potentially conflicting with the rest of the license, and again, they pointed out that they were aware of the potential conflict and that it was _intentional_. In short, we were forced to conclude the license was worded the way that it was (with clever wording traps) as a sort of sham license. For what it is worth, I'm not sure the OSI should voluntarily spend any time or effort on the TrueCrypt license unless the TrueCrypt copyright holder brings it forward themselves with a willingness to address these issues in a serious and reasonable fashion. The fact that there are other FOSS implementations for TrueCrypt (most notably tc-play (https://github.com/bwalex/tc-play) minimizes the need to resolve these issues with the upstream, which is why Fedora stopped attempting to do so quite some years ago. ~tom == Fedora Project ___ License-discuss mailing list License-discuss@opensource.org http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss ___ License-discuss mailing list License-discuss@opensource.org http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss
Re: [License-discuss] TrueCrypt license (not OSI-approved; seeking history, context).
And to be clear, I say that without having thoroughly read the license. At a glance, the no charge issue mentioned in Spot's links seems to remain, but at least one other is remedied, possibly two. Luis On Oct 14, 2013 3:32 PM, Luis Villa l...@lu.is wrote: Might be a good idea to finally start the list of non-open licenses someone suggested a few months ago ;) Luis On Oct 14, 2013 2:28 PM, Tom Callaway tcall...@redhat.com wrote: On 10/14/2013 09:32 PM, Karl Fogel wrote: Obviously, I'd like to see TrueCrypt be truly open source. The ideal solution is not to have them remove the words open source from their self-description, but rather for their software to be under an OSI-approved open source license I have not looked at the TrueCrypt license (in depth) in quite some time, but when Fedora and Red Hat reviewed it in 2008, not only was it non-free, it was actually dangerous. (from 2008): http://lists.freedesktop.org/archives/distributions/2008-October/000273.html http://lists.freedesktop.org/archives/distributions/2008-October/000276.html They appear to have reworded some concerning parts of that license, however, when we pointed out these concerns to them directly in 2008, their response was to forcefully (and rather rudely) reply that the problems caused by their license wording were not problems, but intentional. That alone gave us serious concern as to the intentions of the upstream, especially given the nature of the software under that license. Notable is that Section VI.3 appears to be the same in the TrueCrypt license as it was in 2008. It is arguably necessary for any Free or Open Source license to waive some intellectual property rights in order to share those rights (which default to being exclusive to the copyright holder) with others. This section was noted to the TrueCrypt upstream (in 2008) as potentially conflicting with the rest of the license, and again, they pointed out that they were aware of the potential conflict and that it was _intentional_. In short, we were forced to conclude the license was worded the way that it was (with clever wording traps) as a sort of sham license. For what it is worth, I'm not sure the OSI should voluntarily spend any time or effort on the TrueCrypt license unless the TrueCrypt copyright holder brings it forward themselves with a willingness to address these issues in a serious and reasonable fashion. The fact that there are other FOSS implementations for TrueCrypt (most notably tc-play (https://github.com/bwalex/tc-play) minimizes the need to resolve these issues with the upstream, which is why Fedora stopped attempting to do so quite some years ago. ~tom == Fedora Project ___ License-discuss mailing list License-discuss@opensource.org http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss ___ License-discuss mailing list License-discuss@opensource.org http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss
